#VU90453 Memory leak in Linux kernel
Vulnerability identifier: #VU90453
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5
http://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159
http://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073
http://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3
http://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3
http://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975
http://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661
http://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4
http://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
